Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Changing EIP register with LUA is not reproducing

 
Cheat Engine Forum Index -> Cheat Engine Lua Scripting
sullx
Cheater
Reputation: 0

Joined: 03 Jan 2013
Posts: 37

Posted: Sat Jan 19, 2013 1:17 am    Post subject: Changing EIP register with LUA is not reproducing

I can inject some code manually with auto assembler and then I right click the address I am interested in and change the eip register to point to my newly allocated memory, which operates and then jumps back to where it left off.

I am trying to automate this with lua and this is what I have

Code:
script=[[
globalalloc(newmem,20) //2kb should be enough
newmem:
fstp dword ptr [edi+000000A0]
add dword ptr [edi+000000A0],CD0000
jmp 0054E708
]]
autoAssemble(script);
print( string.format( '%x', getAddress("newmem") ) );
function debugger_onBreakpoint()
  EIP=string.format( '%x', getAddress("newmem") );

  debug_continueFromBreakpoint(co_run)
end

reinitializeSymbolhandler()
debugProcess()
debug_setBreakpoint("0054E702")


This moves the EIP to the newly allocated memory but in a different way. When I do it manually, the game is fine and it works perfectly. When I do it using EIP=getAddress as above, the game crashes. What's going on?

Thanks
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Sat Jan 19, 2013 4:09 am

In this case EIP is a numeric value, not a string.
So EIP=getAddress("newmem")

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
sullx
Cheater
Reputation: 0

Joined: 03 Jan 2013
Posts: 37

Posted: Sat Jan 19, 2013 12:58 pm

Unfortunately, that doesn't work because getAddress returns the address of newmem in decimal. So I need to convert the address to hex, which it does, and I can also verify that the EIP is changed to the hex address I want after I convert from decimal by printing out the EIP. But it crashes the game...

What's going on?
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Sat Jan 19, 2013 1:36 pm

EIP is also a decimal, so do not convert it to hex
sullx
Cheater
Reputation: 0

Joined: 03 Jan 2013
Posts: 37

Posted: Sat Jan 19, 2013 2:38 pm

OK, you are right. But even still, the EIP= is not behaving the way the Change register on breakpoint is. I have recorded a small video to show the exact difference.

hxxp://youtu.be/Dr8Oq5Tj2CU (change x's to t's)

Essentially, what I have done is toggled a breakpoint and changed the eip register at that point to the next opcode, effectively jumping over the operation at the breakpoint. This works just fine when I do it manually as you can see the minesweeper timer pause until I untoggle the breakpoint. When I perform the exact same operation via LUA, there is completely different behavior. The timer gets reset to zero and sometimes -99.

Is the Change register at breakpoint coded differently than EIP=Address? Also, I have set the EIP address with Hex in the video, but I have also done it using Dec and reproduced the same results as above.
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Sat Jan 19, 2013 3:16 pm

Try instead of
Code:
EIP=FF83B760

Code:
EIP=0xFF83B760

For some reason the first one doesn't error out, but sets the value to nil

sullx
Cheater
Reputation: 0

Joined: 03 Jan 2013
Posts: 37

Posted: Sat Jan 19, 2013 3:20 pm

Thanks DarkByte,

But unfortunately, adding 0x to the memory address didn't work either; it still nils the value out when I use LUA, which makes me believe that it's not actually changing the EIP to the next opcode in the same way that using 'Change register at this location' does.

-- edit --

I am going to look at the CE source and see if I can't figure out what the difference is.
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Sat Jan 19, 2013 4:19 pm

I just checked the source and your video closer.
You're using it on a 64-bit application, so instead of EIP, use RIP (EIP does not exist to lua when debugging a 64-bit program)

sourcecode in luahandler.pas:
Code:
lua_getglobal(luavm, 'RIP');
context.RIP:=lua_tointeger(luavm, -1);

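The three answers above (EIP must be a number, not a hex string; a bare token such as FF83B760 is an undefined Lua global and therefore nil; a 64-bit target exposes RIP and no EIP at all) combine into one breakpoint handler. The script below is an added example, not code from the thread or from Cheat Engine itself. It assumes Cheat Engine's Lua API as documented in celua.txt (autoAssemble, getAddress, targetIs64Bit, reinitializeSymbolhandler, debugProcess, debug_setBreakpoint, debug_continueFromBreakpoint, the co_run constant and the debugger_onBreakpoint callback, whose register globals are read back with lua_tointeger when the callback returns). The hook and return addresses are the placeholders from the thread's own script and must be replaced for any other target.

```lua
-- Added example (not from the thread): set the instruction pointer to a
-- freshly allocated code cave from debugger_onBreakpoint, working on both
-- 32-bit (EIP) and 64-bit (RIP) targets. Requires Cheat Engine's Lua API.

local HOOK_ADDRESS   = "0054E702"  -- breakpoint site (thread's placeholder)
local RETURN_ADDRESS = "0054E708"  -- where the cave jumps back to (thread's placeholder)

-- A bare token like FF83B760 is a Lua identifier, so it reads an undefined
-- global and yields nil; "FF83B760" is a string; 0xFF83B760 is a number.
-- CE reads EIP/RIP back with lua_tointeger, so only a number is usable.
-- This helper accepts a number or a hex/symbol string and returns a number.
local function toAddress(v)
  if type(v) == "number" then
    return v
  elseif type(v) == "string" then
    -- getAddress resolves both hex strings ("0054E708") and symbols ("newmem")
    local addr = getAddress(v)
    assert(type(addr) == "number", "could not resolve address: " .. v)
    return addr
  end
  error("address must be a number or a string, got " .. type(v))
end

-- A 64-bit process exposes RIP to Lua (EIP is not defined at all there);
-- a 32-bit process exposes EIP.
local function instructionPointerName()
  return targetIs64Bit() and "RIP" or "EIP"
end

-- Allocate the cave and assemble the replacement code. The two instructions
-- between newmem: and the jmp are the thread's example; put your own there.
local script = string.format([[
globalalloc(newmem,2048)
newmem:
fstp dword ptr [edi+000000A0]
add dword ptr [edi+000000A0],CD0000
jmp %s
]], RETURN_ADDRESS)
assert(autoAssemble(script), "auto assembler script failed")
reinitializeSymbolhandler()

local newmem   = toAddress("newmem")      -- a number, never a formatted string
local hookAddr = toAddress(HOOK_ADDRESS)
print(string.format("newmem at %X, hooking %X", newmem, hookAddr))

function debugger_onBreakpoint()
  local ip = instructionPointerName()
  -- While this callback runs the registers are plain Lua globals, so
  -- _G[ip] is the same variable as EIP or RIP, selected by name.
  if _G[ip] ~= hookAddr then
    return 0            -- some other breakpoint: let the debugger UI show it
  end
  _G[ip] = newmem       -- assign the numeric address of the cave
  debug_continueFromBreakpoint(co_run)
  return 1              -- handled here; do not pop up the debugger window
end

debugProcess()
debug_setBreakpoint(hookAddr)
```

Because the handler compares the current instruction pointer with the hook address before redirecting, other breakpoints you set while testing still stop in the debugger UI as usual; only the hook site is silently diverted into newmem.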
sullx
Cheater
Reputation: 0

Joined: 03 Jan 2013
Posts: 37

Posted: Sat Jan 19, 2013 4:48 pm

Brilliant, ip-16bit, eip-32bit, rip-64bit. Had no idea! I was getting that sense when looking through frmModifyRegistersUnit.pas as there are different declarations for 64bit. But I probably wouldn't have put it together for a while.

Thank you!